Thank you for the question. First I'd just like to clarify that this video was not specifically about readelf, rather it was about ELF file section headers. readelf is just a utility that we can use to get information about the ELF file. In this case, we used it to display the information about the sections in this particular ELF. Matching up what we see in the hex editor with the readelf output helps solidify understanding. This video along with my other videos about the ELF file structure are designed to give you a basic understanding of the structure of the ELF structure including file header, sections, and segments. This background knowledge is useful, if not a prerequisite, for some of the upcoming videos I have planned. A good understanding of these concepts are useful in many endeavors such as debugging, vulnerability searching, reverse engineering, etc. Many of these concepts are very important when discussing what happens when the binary is loaded into memory, becomes a process, and is executed. I hope this answers your question. Feel free to ask again if it does not.
@@embeddedarmdev Emphatically satisfied by your explanation. Although, UNIX/Linux FILE, OBJDUMP, NM, LDCONFIG, and GDB these utilities do serve the Intel x86 arch-based info your emphasis particularly on the 'readelf' utility sheer obtaining headers, body, and tail info only be severed on a similar platform may not be used on ARM encoding which happens to be BigEndian. I must admit that readelf does giveaways a lot more info regarding binary structure/makeup of the file for its pertaining to given architecture either Intel/AMD or ARM.
Emran, You bring up a good point. In the video, I am using the x86 version of readelf which is designed to work with x86 architecture files. However, like you said, it works well enough for ARM binaries because interpreting that information does not require it to read the assembly. You mentioned objdump, nm, ldconfig, etc. On my host system, those are all x86 binaries and are designed for x86 binaries. You are correct that they would not work on ARM binaries. This is where you cross-compiling toolchain comes in. Note that in the video where I showed the dumped assembly, I did not use the standard x86 objdump to dump the binary to get the assembly. I used the cross-compile toolchain version arm-linux-gnueabi-objdump. This is an x86 binary that is designed for ARM binaries. So, it runs on x86, but processes ARM binaries. All of these tools you mention are included in the cross-compile toolchain. So, strictly speaking, when I was calling readelf on this ARM binary, to be most correct I really should have been calling the cross-compile version arm-linux-gnueabi-readelf. I hope this clarifies it for you. In case you are curious, here is a list of all of the utilities that are part of the toolchain on my system, just to give you an idea: arm-linux-gnueabi-addr2line arm-linux-gnueabi-ar arm-linux-gnueabi-as arm-linux-gnueabi-c++filt arm-linux-gnueabi-cpp arm-linux-gnueabi-cpp-5 arm-linux-gnueabi-dwp arm-linux-gnueabi-elfedit arm-linux-gnueabi-gcc arm-linux-gnueabi-gcc-5 arm-linux-gnueabi-gcc-ar arm-linux-gnueabi-gcc-ar-5 arm-linux-gnueabi-gcc-nm arm-linux-gnueabi-gcc-nm-5 arm-linux-gnueabi-gcc-ranlib arm-linux-gnueabi-gcc-ranlib-5 arm-linux-gnueabi-gcov arm-linux-gnueabi-gcov-5 arm-linux-gnueabi-gcov-tool arm-linux-gnueabi-gcov-tool-5 arm-linux-gnueabi-gprof arm-linux-gnueabi-ld arm-linux-gnueabi-ld.bfd arm-linux-gnueabi-ld.gold arm-linux-gnueabi-nm arm-linux-gnueabi-objcopy arm-linux-gnueabi-objdump arm-linux-gnueabi-ranlib arm-linux-gnueabi-readelf arm-linux-gnueabi-size arm-linux-gnueabi-strings arm-linux-gnueabi-strip
Pretty useful video, cleared lots of questions I had, thanks a lot!
Your videos are full of useful knowledge, super easy to understand, thank you a lot!!
Thank you very much. I'm glad you found them useful.
Great video thank you 👍
Your this series is very useful. Can you also make 1 video on program headers?
Thank you. Yes, program headers is next on my list. Should be done soon.
Hi , any new videos on ELF?
Hi where did you go?
desperately waiting for the program header and plt and got videos.
Program header is coming soon!
What is the purpose of this exercise what is the programmer will achieve after understanding 'readelf'?
Thank you for the question. First I'd just like to clarify that this video was not specifically about readelf, rather it was about ELF file section headers. readelf is just a utility that we can use to get information about the ELF file. In this case, we used it to display the information about the sections in this particular ELF. Matching up what we see in the hex editor with the readelf output helps solidify understanding.
This video along with my other videos about the ELF file structure are designed to give you a basic understanding of the structure of the ELF structure including file header, sections, and segments.
This background knowledge is useful, if not a prerequisite, for some of the upcoming videos I have planned. A good understanding of these concepts are useful in many endeavors such as debugging, vulnerability searching, reverse engineering, etc.
Many of these concepts are very important when discussing what happens when the binary is loaded into memory, becomes a process, and is executed.
I hope this answers your question. Feel free to ask again if it does not.
@@embeddedarmdev Emphatically satisfied by your explanation. Although, UNIX/Linux FILE, OBJDUMP, NM, LDCONFIG, and GDB these utilities do serve the Intel x86 arch-based info your emphasis particularly on the 'readelf' utility sheer obtaining headers, body, and tail info only be severed on a similar platform may not be used on ARM encoding which happens to be BigEndian. I must admit that readelf does giveaways a lot more info regarding binary structure/makeup of the file for its pertaining to given architecture either Intel/AMD or ARM.
Emran,
You bring up a good point. In the video, I am using the x86 version of readelf which is designed to work with x86 architecture files. However, like you said, it works well enough for ARM binaries because interpreting that information does not require it to read the assembly.
You mentioned objdump, nm, ldconfig, etc. On my host system, those are all x86 binaries and are designed for x86 binaries. You are correct that they would not work on ARM binaries. This is where you cross-compiling toolchain comes in. Note that in the video where I showed the dumped assembly, I did not use the standard x86 objdump to dump the binary to get the assembly. I used the cross-compile toolchain version arm-linux-gnueabi-objdump. This is an x86 binary that is designed for ARM binaries. So, it runs on x86, but processes ARM binaries. All of these tools you mention are included in the cross-compile toolchain.
So, strictly speaking, when I was calling readelf on this ARM binary, to be most correct I really should have been calling the cross-compile version arm-linux-gnueabi-readelf.
I hope this clarifies it for you. In case you are curious, here is a list of all of the utilities that are part of the toolchain on my system, just to give you an idea:
arm-linux-gnueabi-addr2line
arm-linux-gnueabi-ar
arm-linux-gnueabi-as
arm-linux-gnueabi-c++filt
arm-linux-gnueabi-cpp
arm-linux-gnueabi-cpp-5
arm-linux-gnueabi-dwp
arm-linux-gnueabi-elfedit
arm-linux-gnueabi-gcc
arm-linux-gnueabi-gcc-5
arm-linux-gnueabi-gcc-ar
arm-linux-gnueabi-gcc-ar-5
arm-linux-gnueabi-gcc-nm
arm-linux-gnueabi-gcc-nm-5
arm-linux-gnueabi-gcc-ranlib
arm-linux-gnueabi-gcc-ranlib-5
arm-linux-gnueabi-gcov
arm-linux-gnueabi-gcov-5
arm-linux-gnueabi-gcov-tool
arm-linux-gnueabi-gcov-tool-5
arm-linux-gnueabi-gprof
arm-linux-gnueabi-ld
arm-linux-gnueabi-ld.bfd
arm-linux-gnueabi-ld.gold
arm-linux-gnueabi-nm
arm-linux-gnueabi-objcopy
arm-linux-gnueabi-objdump
arm-linux-gnueabi-ranlib
arm-linux-gnueabi-readelf
arm-linux-gnueabi-size
arm-linux-gnueabi-strings
arm-linux-gnueabi-strip